Hacking Team data leak 'reveals links to Sudan and Russia'

Cyber criminals hack spy tool vendor to 'show it sold products to UN-embargoed Sudan'

A surveillance and exploit tool vendor has been hacked, with documents revealing commercial links to countries it has denied doing business with.

The Italian company, Hacking Team, specialises in "offensive security", providing software to gain access to systems and collect data undetected.

However, its network was compromised at some point on Sunday evening by unknown cyber criminals, who hijacked its Twitter page to rename it 'Hacked Team', and posted a link to a torrent containing 400GB of stolen information.

The leaked files appear to show links between Hacking Team and countries such as Sudan and the United Arab Emirates.

Advertisement - Article continues below
Advertisement - Article continues below

Both governments have been criticised by Human Rights Watch in the past for oppressive regimes, and Sudan in particular is currently under a UN trade embargo.

A report by Citizen Lab in 2014 suggested that Hacking Team's Remote Control software was in use in the Sudan despite the embargo banning this, and a UN investigation has been ongoing for around a year.

Hacking Team has previously stated that it "has no business relations or any agreements that would allow the Sudan or any entity in its territory to use the software", but the leaked files suggest this is not true.

An invoice dated 5 September 2012 references a contract signed on 29 June that year between Sudan and Hacking Team.

The contract, apparently for the vendor's Remote Control software, was worth 960,000.

An internal maintenance document listing customers' subscription statuses also lists Sudan as "not officially supported"  a category it shares with Russia.

Advertisement - Article continues below

Speaking with IBTimes in 2013, Eric Rabe, Hacking Team's head of communications, was keen to emphasise the legality of the company's dealings.

"The process under which Hacking Team sells its products is designed to make sure they are not abused and they are used in accordance with the applicable laws and international standards such as black lists that restrict where some products like this can be sold," he told the site.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


Policy & legislation

Government announces review of IR35 off-payroll changes

8 Jan 2020
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Are you taking enough accountability on cyber security?

18 Dec 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020